Determining a deployment of an access control system

ABSTRACT

Methods, devices, and computer-readable media for determining a deployment of an access control system are described herein. One method includes extracting a plurality of two-dimensional spaces from a building information model of a facility, determining a plurality of connections between the plurality of spaces, defining a zone of the facility, wherein the zone includes a subset of the plurality of spaces and a subset of the plurality of connections between the spaces, and associating an access reader with a particular connection of the subset of the plurality of connections located on a boundary of the zone.

TECHNICAL FIELD

The present disclosure relates to methods, devices, andcomputer-readable media for determining a deployment of an accesscontrol system.

BACKGROUND

Access control systems can selectively restrict access to places and/orother resources (e.g., computing devices) of various facilities (e.g.,buildings, plants, refineries, etc.). An access control system may be animportant aspect of security and safety throughout spaces of a facility.

Previous approaches to deploying access control systems may involvemanual definition of boundaries, security zones and/or access policiesassociated with a facility. Approaches using such manual definition maybe time-consuming and/or inconsistent, for instance. Further, suchapproaches may pose difficulties associated with future updatesfollowing change(s) in spaces of a facility (e.g., due to construction,remodeling, etc.).

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an example of a display associated with a plurality oftwo-dimensional spaces extracted from a building information model of afacility according to one or more embodiments of the present disclosure.

FIG. 2 is an example of a display associated with connections between aplurality of two-dimensional spaces extracted from a buildinginformation model of a facility according to one or more embodiments ofthe present disclosure.

FIG. 3 is an example of a display associated with a plurality of accesszones of a facility according to one or more embodiments of the presentdisclosure.

FIG. 4 is an example of a display associated with selectively allowingroles access to zones of a facility according to one or more embodimentsof the present disclosure.

FIG. 5 is an example of a display associated with validating an accesssolution based on a route through a facility according to one or moreembodiments of the present disclosure.

FIG. 6 is an example of a display associated with validating an accesssolution for a particular zone based one or more access readersassociated with the zone according to one or more embodiments of thepresent disclosure.

FIG. 7 illustrates a computing device for determining a deployment of anaccess control system according to one or more embodiments of thepresent disclosure.

DETAILED DESCRIPTION

Devices, methods, and systems for determining a deployment of an accesscontrol system are described herein. For example, one or moreembodiments include extracting a plurality of two-dimensional spacesfrom a building information model of a facility, determining a pluralityof connections between the plurality of spaces, defining a zone of thefacility, wherein the zone includes a subset of the plurality of spacesand a subset of the plurality of connections between the spaces, andassociating an access reader with a particular connection of the subsetof the plurality of connections located on a boundary of the zone.

Access control system deployment in accordance with one or moreembodiments of the present disclosure can automate boundary definitionand/or placement of access readers associated with a facility, forinstance. Accordingly, embodiments herein can save configuration timeand enhance consistency over previous approaches.

Additionally, embodiments of the present disclosure can determine anaccess solution associated with a facility (e.g., a deployment of anaccess control system) and display the solution in various mannersconfigured to increase user understanding. Accordingly, embodiments ofthe present disclosure can allow users to readily visualize and/orvalidate determined access solutions in various manners.

In the following detailed description, reference is made to theaccompanying drawings that form a part hereof. The drawings show by wayof illustration how one or more embodiments of the disclosure may bepracticed.

These embodiments are described in sufficient detail to enable those ofordinary skill in the art to practice one or more embodiments of thisdisclosure. It is to be understood that other embodiments may beutilized and that process changes may be made without departing from thescope of the present disclosure.

As will be appreciated, elements shown in the various embodiments hereincan be added, exchanged, combined, and/or eliminated so as to provide anumber of additional embodiments of the present disclosure. Theproportion and the relative scale of the elements provided in thefigures are intended to illustrate the embodiments of the presentdisclosure, and should not be taken in a limiting sense.

The figures herein follow a numbering convention in which the firstdigit or digits correspond to the drawing figure number and theremaining digits identify an element or component in the drawing.Similar elements or components between different figures may beidentified by the use of similar digits.

As used herein, “a” or “a number of” something can refer to one or moresuch things. For example, “a number of spaces” can refer to one or morespaces.

FIG. 1 is an example of a display 100 associated with a plurality oftwo-dimensional spaces extracted from a building information model of afacility according to one or more embodiments of the present disclosure.Display 100 may illustrate a floor of a facility (e.g., a building,plant, refinery, etc.), for instance. Display 100 can be displayed bycomputing device 750 (e.g., user interface 756 of computing device 750)described in connection with FIG. 7.

As shown in the example illustrated in FIG. 1, display 100 can include aplurality of extracted spaces (e.g., extracted spaces 102, 104, 106, and108 (generally referred to herein as spaces 102-108). Spaces 102-108 canrepresent areas, rooms, sections, etc. of a facility. Each of spaces102-108 can be defined by a number of walls, for instance. It is to beunderstood that though certain spaces are discussed as examples herein,embodiments of the present disclosure are not limited to a particularnumber and/or type of spaces.

Spaces 102-108 can be extracted from a building information model (BIM)(e.g., a three-dimensional model) and/or from BIM data via a projectionmethod (e.g., by projecting 3D objects of the BIM onto a 2D plan), forinstance. Spaces 102-108 can be polygons, though embodiments of thepresent disclosure are not so limited. Various information and/orattributes associated with each of spaces 102-108 (e.g., semanticinformation, name, Globally Unique Identifier (GUID), etc.) can beextracted from the BIM and/or BIM data along with the spaces themselves.

Connections (e.g., relationships, openings and/or doors) between spaces102-108 can also be extracted from BIM data. A given space in a facilitymay be connected to another space via a door, for instance. Similarly,spaces extracted from BIM data may be connected via a graphical and/orsemantic representation of a door. Additionally, spaces extracted fromBIM data may be connected by a “virtual door.” For example, though aroom may be a contiguous open space (e.g., having no physical doorstherein), a BIM model associated with the room may partition the roominto multiple (e.g., 2) spaces. Embodiments of the present disclosurecan determine a connection between the spaces, as will further bedescribed herein (e.g., in connection with FIG. 2).

FIG. 2 is an example of a display 200 associated with connectionsbetween a plurality of two-dimensional spaces extracted from a buildinginformation model of a facility according to one or more embodiments ofthe present disclosure.

In a manner analogous to display 100, display 200 includes a space 202,a space 204, a space 206, and a space 208. Display 200 can include aproperty window 201 configured to display various properties of ahighlighted space (e.g., ID, name, type, etc.). As shown in the exampleillustrated in FIG. 2, space 202 (e.g., room 2-1190) has beenhighlighted. Display 200 can include a space connections window 203configured to display connections between the highlighted space andother spaces. As shown in FIG. 2, display 200 can include amiscellaneous window 205 configured to display additional informationassociated with the highlighted space 202.

Connections can be determined in various ways. In some embodiments,connections between spaces may be defined (e.g., pre-defined) by the BIMmodel from which the spaces were extracted. In such embodiments, a querycan be made by a user to determine the connections. For example, wallsof a facility (e.g., all walls of a facility) can be provided responsiveto a query of “IfcRelSpaceBoundary.” To determine openings (e.g., doors)between any of the spaces, the user can make another query. For example,the query “IfcRelVoidsElement” can yield an IfcOpeningElement having apredefined type “OPENING.” Another query “IfcRelFillsElement” can yielda RelatedBuildingElement of type IfcDoor.

In some embodiments, spatial reasoning (e.g., one or more geometryalgorithms) can be used to determine connections between spacesresponsive to a user input. For example, polygons of doors of space 202can be determined to intersect with a boundary of space 202. Continuingin the example, another space (e.g., space 204) can be determined to beconnected to space 202 if a boundary of space 204 intersects with thedoor of space 202.

As shown in FIG. 2, space 202 has been determined to have threeconnections with other spaces: a connection 210-1, a connection 210-2,and a connection 210-3. The connections 210-1, 210-2, and 210-3 connectspace 202 to space 208, space 206, and space 204, respectively.

Once connections between spaces of a facility are determined, a user candefine one or more access zones of the facility (generally referred toherein as “zones”). Such zones can include a subset of the spaces (and asubset of the connections between the spaces), and can be used toselectively allow access to different areas of the facility depending ona role of a person inside the facility (as will be further describedherein).

FIG. 3 is an example of a display 300 associated with a plurality ofaccess zones of a facility according to one or more embodiments of thepresent disclosure.

Embodiments of the present disclosure can allow a user to select one ormore spaces to define an access zone of a facility. For example, a usercan use a mouse to drag a rectangle over a plurality of spaces to selectthe spaces. The selected spaces can be associated with a particular zoneresponsive to a user input. One or more spaces can be added to the zoneor removed from the zone by individual mouse clicks, for instance.

As shown in FIG. 3, display 300 includes a plurality of defined zones: azone 312, a zone 314, a zone 316, a zone 318, a zone 320, a zone 322, azone 324, a zone 326, a zone 328, a zone 330, a zone 332, and a zone334. Zone 312 includes a space 302 analogous to space 102 and/or space202 previously discussed in connection with FIGS. 1 and 2, respectively.

Zones can be displayed in display 300 using particular colors, forexample. Each zone can be displayed using a different (e.g., respectiveand/or unique) color. However, embodiments of the present disclosure arenot so limited; for example, any of the colors can be changed by a user.

Once defined, embodiments of the present disclosure can use theconnections between the spaces, previously discussed, to check the zonesfor consistency and/or potential problems. For example, embodiments canprovide a notification to a user responsive to any space of theplurality of spaces not being included in a defined zone, a boundary ofa zone not falling on a wall and/or door of the facility, a zonecomprising one or more disjoint spaces, and/or a space belonging to morethan one zone.

Once defined, access readers can be associated with the zones. Forexample, embodiments of the present disclosure can determine locationsof doors associated with each zone (e.g., responsive to a user input).If a door connects a first space to a second space, and the first spacebelongs to a particular zone but the second space does not belong to theparticular zone, embodiments of the present disclosure can determinethat the door is on a boundary of the particular zone.

Access readers (e.g., simulated access readers and/or graphicalrenderings of access readers) can be associated with doors on boundariesof zones. That is, a respective access reader can be associated witheach connection located on a boundary of the zone. In some embodiments,one or more doors of a facility may be permanently locked. If a door ispermanently locked, embodiments of the present disclosure can remove anaccess reader that may have been associated with that door and/or changea status of the door to “locked.”

In some embodiments, access to a zone may be allowed by an access readerassociated with a door to the zone. Whether or not a particular personis allowed access to a zone may depend on that person's role. A role, asreferred to herein, can be a level and/or degree of privilege (e.g.,access rights and/or security clearance). A person's role can define towhich zone(s) he or she is allowed access. A person's role can be storedon a token (e.g., an access card), for instance. The token can beconfigured to be read by any of the access readers previously discussed.

Different roles may have different privileges with respect to aparticular zone. In a facility, roles can include a manager, anemployee, a visitor, and a maintenance worker (e.g., maintainer), forinstance, though such examples are not to be taken in a limiting sense.

FIG. 4 is an example of a display 400 associated with selectivelyallowing roles access to zones of a facility according to one or moreembodiments of the present disclosure.

As shown in FIG. 4, display 400 can include a role window 440 configuredto allow a user to add (e.g., typographically input) a role. Once input,role(s) can be selected and/or highlighted (e.g., by clicking on them)using role window 440. A highlighted role can then be associated with aparticular zone via an input associated with the zone (e.g., by clickingon the zone). Accordingly, a user can indicate that a particular role isallowed access to a zone via one or more access readers of the zone byclicking on the zone, for instance. As shown in role window 440, rolescan be associated with (e.g., allowed to access) more than one zone.

In some embodiments, an access solution associated with the facility canbe determined. Determining the access solution can include defining theplurality of zones of the facility, defining a respective subset of theplurality of zones to which each of a plurality of roles is allowedaccess, locating at least one opening associated with an outer boundaryof each zone, and associating a simulated access reader with the atleast one opening.

Embodiments of the present disclosure can allow the validation of anaccess solution in various manners. For example, as shown in FIG. 4,highlighting a particular role (e.g., Manager) can result in the display(e.g., highlighting) of any zones of the facility to which that role isallowed access. Each of the zones to which a particular role is allowedaccess can be displayed using a same color (e.g., green). As shown inFIG. 4, an accessible portion 436 is highlighted while an inaccessibleportion 438 is not. Accordingly, the user can easily view and/or checkwhich roles are allowed access to which zones of a facility.

Access solutions can be validated based on one or more routes takenthrough a facility. A route (e.g., path) taken by a particular rolebetween two spaces can be displayed to determine and/or verify thataccess readers of the facility are located and/or configured correctly.

FIG. 5 is an example of a display 500 associated with validating anaccess solution based on a route through a facility according to one ormore embodiments of the present disclosure.

As shown in FIG. 5, display 500 can include a route window 542 allowinga user to input a role, a source space (shown in display 500 as sourcespace 544), and a destination space (shown in display 500 as destinationspace 546). Using the determined connections between the spaces, forinstance, embodiments of the present disclosure can determine a routefrom the source space 544 to the destination space 546. As shown in FIG.5, the route (e.g., any spaces along the route) can be highlightedand/or displayed using a particular color. Various embodiments can allowthe user to visualize routes between spaces for a given role.

FIG. 6 is an example of a display 600 associated with validating anaccess solution for a particular zone based one or more access readersassociated with the zone according to one or more embodiments of thepresent disclosure.

As shown in FIG. 6, display 600 can include a check window 648. Usingthe check window 648, a user can select a particular zone of thefacility and activate an element to determine if the access readersassociated with the particular zone are correctly configured. Forexample, access readers associated with a particular zone should allowaccess to a role that is granted access (e.g., by a user determination).The role can access the zone via any of the card readers associated withthe zone. As shown in FIG. 6, check window 648 can include an indicator(e.g., “success”) if the access solution is determined to be compatiblewith all of its associated access readers. If the access solution isdetermined to not be compatible with all of its associated accessreaders, embodiments of the present disclosure can display a differentindicator (e.g., “failure”) and/or indicate which access reader(s) arenot compatible with the solution.

FIG. 7 illustrates a computing device 750 for determining a deploymentof an access control system according to one or more embodiments of thepresent disclosure. Computing device 750 can be, for example, a laptopcomputer, a desktop computer, or a mobile device (e.g., a mobile phone,a personal digital assistant, etc.), among other types of computingdevices.

As shown in FIG. 7, computing device 750 includes a memory 752 and aprocessor 754 coupled to memory 752. Memory 752 can be any type ofstorage medium that can be accessed by processor 754 to perform variousexamples of the present disclosure. For example, memory 752 can be anon-transitory computer readable medium having computer readableinstructions (e.g., computer program instructions) stored thereon thatare executable by processor 754 to determine a deployment of an accesscontrol system in accordance with one or more embodiments of the presentdisclosure.

Memory 752 can be volatile or nonvolatile memory. Memory 752 can also beremovable (e.g., portable) memory, or non-removable (e.g., internal)memory. For example, memory 752 can be random access memory (RAM) (e.g.,dynamic random access memory (DRAM) and/or phase change random accessmemory (PCRAM)), read-only memory (ROM) (e.g., electrically erasableprogrammable read-only memory (EEPROM) and/or compact-disc read-onlymemory (CD-ROM)), flash memory, a laser disc, a digital versatile disc(DVD) or other optical disk storage, and/or a magnetic medium such asmagnetic cassettes, tapes, or disks, among other types of memory.

Further, although memory 752 is illustrated as being located incomputing device 750, embodiments of the present disclosure are not solimited. For example, memory 752 can also be located internal to anothercomputing resource (e.g., enabling computer readable instructions to bedownloaded over the Internet or another wired or wireless connection).Although not shown in FIG. 7, computing device 750 can include adisplay. The display can be configured to display one or moreembodiments herein (e.g., any of displays 100, 200, 300, 400, 500,and/or 600), for instance.

As shown in FIG. 7, computing device 750 can also include a userinterface 756. User interface 756 can include, for example, a display(e.g., a screen). The display can be, for instance, a touch-screen(e.g., the display can include touch-screen capabilities).

User interface 756 (e.g., the display of user interface 756) can provide(e.g., display and/or present) information to a user of computing device750. For example, user interface 756 can provide displays 100, 200, 300,400, 500, and/or 600 previously described in connection with FIGS. 1-6to the user.

Additionally, computing device 750 can receive information from the userof computing device 750 through an interaction with the user via userinterface 756. For example, computing device 750 (e.g., the display ofuser interface 756) can receive input from the user via user interface756. The user can enter the input into computing device 750 using, forinstance, a mouse and/or keyboard associated with computing device 750,or by touching the display of user interface 756 in embodiments in whichthe display includes touch-screen capabilities (e.g., embodiments inwhich the display is a touch screen).

Although specific embodiments have been illustrated and describedherein, those of ordinary skill in the art will appreciate that anyarrangement calculated to achieve the same techniques can be substitutedfor the specific embodiments shown. This disclosure is intended to coverany and all adaptations or variations of various embodiments of thedisclosure.

It is to be understood that the above description has been made in anillustrative fashion, and not a restrictive one. Combination of theabove embodiments, and other embodiments not specifically describedherein will be apparent to those of skill in the art upon reviewing theabove description.

The scope of the various embodiments of the disclosure includes anyother applications in which the above structures and methods are used.Therefore, the scope of various embodiments of the disclosure should bedetermined with reference to the appended claims, along with the fullrange of equivalents to which such claims are entitled.

In the foregoing Detailed Description, various features are groupedtogether in example embodiments illustrated in the figures for thepurpose of streamlining the disclosure. This method of disclosure is notto be interpreted as reflecting an intention that the embodiments of thedisclosure require more features than are expressly recited in eachclaim.

Rather, as the following claims reflect, inventive subject matter liesin less than all features of a single disclosed embodiment. Thus, thefollowing claims are hereby incorporated into the Detailed Description,with each claim standing on its own as a separate embodiment.

What is claimed:
 1. A method for determining a deployment of an accesscontrol system, comprising: extracting a plurality of two-dimensionalspaces and a plurality of pre-defined connections between the pluralityof spaces from a building information model of a facility using acomputing device; determining which of the plurality of pre-definedconnections are doors and which of the plurality of pre-definedconnections are virtual doors, wherein a virtual door includes aconnection between at least two spaces partitioned by the buildinginformation model of the facility; defining a zone of the facility,wherein the zone includes a subset of the plurality of spaces and asubset of the plurality of pre-defined connections between the spaces,and wherein a notification indicating at least one of the plurality ofspaces belong to more than one zone is displayed on a display of acomputing device once the zone of the facility is defined; associatingan access reader with a particular connection of the subset of theplurality of pre-defined connections determined to be a door and locatedon a boundary of the zone; and displaying the zone and the associatedaccess reader on the display of the computing device.
 2. The method ofclaim 1, wherein the method includes: receiving an indication that aparticular role is allowed access to the zone via the access reader; anddisplaying the zone in a particular color via a graphical rendering ofthe facility.
 3. The method of claim 1, wherein the method includesdetermining the plurality of connections between the spaces responsiveto a user query.
 4. The method of claim 1, wherein the method includesallowing a user to define the zone via a selection of the subset of theplurality of the spaces.
 5. The method of claim 1, wherein the methodincludes defining a plurality of zones of the facility.
 6. The method ofclaim 1, wherein the method includes providing a notification responsiveto any space of the plurality of spaces not being included in the zoneof the facility.
 7. The method of claim 1, wherein the method includesremoving the access reader associated with the particular connection ofthe subset of the plurality of pre-defined connections determined to bea door and located on the boundary of the zone responsive to adetermination that the particular connection is a permanently lockeddoor.
 8. The method of claim 1, wherein the method includes: indicatingthat a particular role is allowed access to the zone via the accessreader; and displaying the zone and the particular role allowed accessto the zone.
 9. The method of claim 1, wherein the method includesallowing a user to select a particular role and associate the particularrole with a particular zone via an input associated with the particularzone.
 10. The method of claim 1, wherein the method includes: displayinga source space of the facility; displaying a destination space of thefacility; and displaying a route from the source space to thedestination space.
 11. A computing device for determining a deploymentof an access control system, comprising: a display; a memory; and aprocessor configured to execute executable instructions stored in thememory to: extract a plurality of two-dimensional spaces and a pluralityof pre-defined connections between the plurality of two-dimensionalspaces from a building information model of a facility; determine whichof the plurality of pre-defined connections are doors and which of theplurality of pre-defined connections are virtual doors, wherein avirtual door includes a connection between at least two spacespartitioned by the building information model of the facility; allow auser to define a plurality of zones of the facility via the display,each of the plurality of zones including a respective subset of theplurality of spaces and a respective subset of the plurality ofpre-defined connections determined to be doors, and wherein anotification indicating at least one of the plurality of spaces belongto more than one zone is displayed on the display of the computingdevice once the plurality of zones of the facility are defined; and foreach of the plurality of zones: associate a respective access readerwith each of the plurality of pre-defined connections determined to be adoor and located on a boundary of the zone.
 12. The computing device ofclaim 11, wherein the instructions are executable by the processor to,for each of the plurality of zones, receive an indication that a role isallowed access to the zone via the access reader.
 13. The computingdevice of claim 11, wherein the instructions are executable by theprocessor to: determine a route between two of the plurality of spacesbased on the plurality of pre-defined connections; and determine a roleallowed access to the route via at least one access reader on the route.14. A non-transitory computer readable medium having computer readableinstructions stored thereon that are executable by a processor to:extract a plurality of two-dimensional spaces and a plurality ofpre-defined connections between the plurality of spaces from athree-dimensional building information model of a facility; determine aplurality of openings connecting the spaces; determine which of theplurality of openings are doors and which of the plurality of openingsare virtual doors, wherein a virtual door includes a connection betweenat least two spaces partitioned by the building information model of thefacility; determine an access solution associated with the facility,wherein the instructions to determine the access solution includeinstructions to: define a plurality of zones of the facility, whereineach of the plurality of zones includes at least one of the spaces, andwherein a notification indicating at least one of the plurality ofspaces belong to more than one zone is displayed on a display of acomputing device once the plurality of zones of the facility aredefined; define a respective subset of the plurality of zones to whicheach of a plurality of roles is allowed access; locate at least oneopening determined to be a door and associated with an outer boundary ofeach of the plurality of zones; associate a simulated access reader withthe at least one opening determined to be a door; and display theplurality of zones and the associated simulated access reader with theat least one opening determined to be a door on the display of thecomputing device.
 15. The computer readable medium of claim 14, whereinthe instructions are executable by the processor to display each of theplurality of zones using a different color.
 16. The computer-readablemedium of claim 15, wherein the instructions are executable by theprocessor to allow a user to change each of the different colors. 17.The computer readable medium of claim 14, wherein the instructionsinclude instructions executable by the processor to: determine a routefrom a first space of the plurality of spaces to a second space of theplurality of spaces; and display the determined route.
 18. The computerreadable medium of claim 14, wherein the instructions are executable bythe processor to display each of a subset of the plurality of zones towhich a particular role is allowed access using a same color.